Session G658 - X.500 - A Tutorial

August 21-25, 1989

X.500 is an effort to standardize a worldwide electronic mail directory. It has not been implemented anywhere, so much of what was discussed here was vaporware.

If you have access to one of the myriad INTERNET mail networks, you probably have need for something like a telephone book. If you want to send a message, say, to a federal bureaucrat in Washington, you have to know his network address. You can find his network address in three ways:

X.500 provides "The Directory" - an enormous, global, widely distributed database. The X.500 Directory is logically centralized - you enter queries into your own computer, which does lookups based on name, company, address, country and so on. If your computer's directory cannot find the entry you are looking for, it can forward requests to other computers in the network to do directory lookups.

A single directory search might involve hundreds of computers. This idea was insane only a few years ago when we didn't have the telecommunications bandwidth that we enjoy today. Nevertheless, a global search could still be expensive, and X.500 provides safeguards against inadvertently performing a global search.

The X.500 Directory holds arbitrary "information" used to facilitate communication between "objects". The information can be anything: job titles, maiden names, social security number, what-have-you. The Directory is logically tree-structured, and a search is typically top-down. It would make sense for example, to have the top level of the tree be "country", the next level "company", and the level after that "job title", but the standard doesn't require this.

The Directory tree can have aliases and loops. You might be a member of two organizations in the tree, and you would have two electronic addresses. A special type of "alias" node points from one subtree to another. The X.500 standard says that loops can be created with aliases - it is too expensive to try to detect them at create time. X.500 tries to detect loops in the structure when the loop is taken during a search.

X.500 makes some use of public key cryptography, but I don't know how. (In public key cryptography, you have two keys assigned to you - one to keep and one to share. You encrypt data with your recipient's public key, who then decrypts with the private key.)

Back to session index
Back to index of SHARE meetings
Read the disclaimer